[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: FW: Symantec Norton, Your Eyes Only.
Hi guys,
If I could get access to the source,
understand all of it fully, and understand
how it will act under Win95 with whatever
compiler they used, I could probably write
my own.
So I guess it comes down to trust.
Thanks for the replies.
Bye for now.
> -----Original Message-----
> From: David Honig [SMTP:[email protected]]
> Sent: Saturday, January 24, 1998 5:08 AM
> To: Pearson Shane; 'William H. Geiger III'
> Cc: '[email protected]'
> Subject: RE: FW: Symantec Norton, Your Eyes Only.
>
> At 03:46 PM 1/23/98 +1100, Pearson Shane wrote:
> >Hi William,
> >
> >Many thanks for the reply.
> >
> >I was hoping it was ok having Blowfish,
> >but I guess it could be their own
> >"efficient" version.
> >
> >Bye for now.
> >
>
> WHGIII gave you the most conservative answer. That is, in cryptology,
> the
> correct answer.
>
> A more detailed analysis would say:
>
> * the blowfish algorithm is considered strong for various reasons
>
> * IFF the Norton program were written correctly
> (not just the algorithm implementation, but key hiding,
> worrying about getting swapped onto disk by the OS, etc.)
> then it would be a useful tool for security.
>
> * Without examining the source, any assumption of security
> from using the tool relies *absolutely* on your trust of the
> implementor.
>
> (In a Turing award paper, Ritchie described how you
> implicitly must trust your compiler-writers too.. the
> compiler could have clandestine functions like inserting
> extra code when it recognizes patterns)
>
> So you see how WHGIII was correct, although for practical
> purposes (depending on the value of your data and the
> attackers you anticipate, plus the security of the rest of your
> system (only as strong as the weakest link)) you may find this tool
> acceptable
> in the non-exportable version. Keylength-limited versions are
> worthless
> from a security viewpoint.
>
> But on this mailing list, you won't find the yes/no answer
> you probably want. Which is probably correct behavior for this list.
>
> Cheers,
>
>
> ------------------------------------------------------------
> David Honig Orbit Technology
> [email protected] Intaanetto Jigyoubu
>
> "The tragedy of Galois is that he could have contributed so much
> more to mathematics if he'd only spent more time on his marksmanship."
>
>
>
>
>
>
>
>
>
>
>
>
>
>